<?php
include 'connect_db.php';
//// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
//echo $myusername;
//echo $mypassword;
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE email_adress='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
mysql_close($link);
//echo $result;
// Mysql_num_row is counting table row
if($result){
    $count=mysql_num_rows($result);
}
else{
    $count=0;
}
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_start();
    session_register("myusername");
    session_register("mypassword");
    $myusername=$_POST['myusername'];
    $mypassword=$_POST['mypassword'];
    header("location:board.php");
}
else {
    echo "<br>Mauvais mot de passe et/ou login!</br><br>Enregistrez vous d'abord (en bas sur la page d'accueil)</br><br>Envoyez un mail à l'administrateur si vous avez oublié votre mot de passe.</br>";
}
?> 
